(Reuters) - Iranian hackers have repeatedly attacked Bank of America Corp , JPMorgan Chase & Co and Citigroup Inc over the past year, as part of a broad cyber campaign targeting the United States, according to people familiar with the situation.

The attacks, which began in late 2011 and escalated this year, have primarily been "denial of service" campaigns that disrupted the banks' websites and corporate networks by overwhelming them with incoming web traffic, said the sources.

Whether the hackers have been able to inflict more serious damage on computer networks or steal critical data is not yet known. The sources said there was evidence suggesting the hackers targeted the banks in retaliation for their enforcement of Western economic sanctions against Iran.

Iran has beefed up its cyber capabilities after its nuclear program was damaged in 2010 by the Stuxnet virus, widely believed to have been developed by the United States. Tehran has publicly advertised its intentions to build a cyber army and encouraged private citizens to hack against Western countries.

The attacks on the three largest U.S. banks originated in Iran, but it is not clear if they were launched by the state, groups working on behalf of the government, or "patriotic" citizens, according to the sources, who requested anonymity as they were not authorized to discuss the matter.
They said the attacks shed new light on the potential for Iran to lash out at Western nations' information networks.

"Most people didn't take Iran seriously. Now most people are taking them very seriously," said one of the sources, referring to Iran's cyber capabilities.

Iranian officials were not available for comment. Bank of America, JPMorgan and Citigroup declined to comment, as did officials with the Pentagon, U.S. Department of Homeland Security, Federal Bureau of Investigation, National Security Agency and Secret Service.
A U.S. financial services industry group this week warned banks, brokerages and insurers to be on heightened alert for cyber attacks after the websites of Bank of America and JPMorgan Chase's experienced unexplained service disruptions.
NBC reported late on Thursday that the Iranian government was behind these attacks, citing U.S. national security sources. Reuters could not verify that independently.
Tensions between the United States and Iran, which date back to the revolution in 1979 that resulted in the current Islamic republic, have escalated in recent years as Washington led the effort to prevent Tehran from getting a nuclear bomb and imposed tough economic sanctions.
DISRUPTIVE CAMPAIGN
Denial-of-service campaigns are among the oldest types of cyber attacks and do not require highly skilled computer programmers or advanced expertise, compared with sophisticated and destructive weapons like Stuxnet.
But denial-of-service attacks can still be very disruptive: If a bank's website is repeatedly shut down, the attacks can hurt its reputation, affect customer retention and cause revenue losses as customers cannot open accounts or conduct other business.

Bank of America, Citigroup and JPMorgan Chase have consulted the FBI, Department of Homeland Security and National Security Agency on how to strengthen their networks in the face of the Iranian attacks, the sources said. It was not clear whether law enforcement agencies are formally investigating the attacks.

The Iranian attackers may have used denial-of-service to distract the victims from other, more destructive assaults that have yet to be uncovered, the sources said.

Frank Cilluffo, who served as homeland security adviser to U.S. President George W. Bush, told Reuters that he knows of "cyber reconnaissance" missions that have come from Iran but declined to give specifics.
"It is yet to be seen whether they have the wherewithal to cause significant damage," said Cilluffo, who is now director of the Homeland Security Policy Institute at George Washington University.

security experts said Iran's cyber capabilities are not as sophisticated as those of the China, Russia, the United States or many of its Western allies. Jim Lewis, a former U.S. Foreign Service officer, said Iran has been testing its cyber technology against Israel and other Gulf states in recent years
.
"It's like the nuclear program: It isn't particularly sophisticated but it makes progress every year," said Lewis, who is a senior fellow at the Center for Strategic & International Studies.

Banks are not the real issue. They need to improve but in the last 5 years they have made great strides in cyber security.

The main thing you should be worried about is our utilites. They will be yucking it up when they are without power for days/weeks because their power grid is controlled by computers and a state/country got by their lax security.

And then they will be on here going........... where was Obama?

If it happens, Obama will deserve all the blame we can heap.

__________________

“The American people are tired of liars and people who pretend to be something they’re not.” - Hillary Clinton

Banks are not the real issue. They need to improve but in the last 5 years they have made great strides in cyber security.

The main thing you should be worried about is our utilites. They will be yucking it up when they are without power for days/weeks because their power grid is controlled by computers and a state/country got by their lax security.

If the utilities were nationalized...sure. But they aren't in most cases. they're private business.

If we have so much warning that BigRedChief is sounding the alarm about the vulnerability then we either ought to be building an ironclad defense (likely not possible) or aggressively convincing them that it wouldn't be in their interests to attack us in that way (not Obama's style, IMO).

__________________

“The American people are tired of liars and people who pretend to be something they’re not.” - Hillary Clinton

Because according to Pat, if a bear shits on your lawn, or a tree falls on your car, that's Obama's fault too.

I saw an Obama sign lurking in the shadows around my neighborhood and the next thing I knew, my neighbor's mailbox was knocked off it's post. I don't have proof beyond a reasonable doubt, but I have my suspicions.

j/k There are no Obama signs in my neighborhood.

__________________

“The American people are tired of liars and people who pretend to be something they’re not.” - Hillary Clinton

I promise you that more denial of service attacks come from China than anyone else. Stopping this is easy. Just cut off Iran from a public ip perspective.

you guys are still not getting the issue. DOS can be launched by anyone who has access to google. It's the lowest hanging fruit there is in cyber. Your local grocery store should know how to prevent DOS attacks. This was just a test. It was too amateurish to be a serious attempt. If they can build nuclear plants, they can use Google and know of that website that for some reason this website blocks the name.

Cut off an IP range? Are you serious? Really? Dont you think they know thats the first thing we would do? They will launch from within the USA.

__________________
Fear is the path to the Dark Side. Fear leads to anger, anger leads to hate, hate leads to suffering.

I saw an Obama sign lurking in the shadows around my neighborhood and the next thing I knew, my neighbor's mailbox was knocked off it's post. I don't have proof beyond a reasonable doubt, but I have my suspicions.

j/k There are no Obama signs in my neighborhood.

Saw a couple more pop up in my neighborhood.

__________________
Fear is the path to the Dark Side. Fear leads to anger, anger leads to hate, hate leads to suffering.

If we have so much warning that BigRedChief is sounding the alarm about the vulnerability then we either ought to be building an ironclad defense (likely not possible) or aggressively convincing them that it wouldn't be in their interests to attack us in that way (not Obama's style, IMO).

UHHH it costs money to build out and more money to maintain. They say they cant afford it. Since its not a local group that will threaten it, but a country/state, the feds should pick up the cost.

So what happened, the Dems came up with a bill to attach to the patriot act and the Republicans killed the bill in committe. Saying the states and cities should pay the freight themselves, not the Federal government.

While we are arguing over how to pay for the increased security that everyone agrees needs to happen, our enemies increase the knowledge and capacity to do us harm.

But, WTH right Patteau....... It'll be Obama's fault the Republicans killed the bill.

__________________
Fear is the path to the Dark Side. Fear leads to anger, anger leads to hate, hate leads to suffering.

UHHH it costs money to build out and more money to maintain. They say they cant afford it. Since its not a local group that will threaten it, but a country/state, the feds should pick up the cost.

So what happened, the Dems came up with a bill to attach to the patriot act and the Republicans killed the bill in committe. Saying the states and cities should pay the freight themselves, not the Federal government.

While we are arguing over how to pay for the increased security that everyone agrees needs to happen, our enemies increase the knowledge and capacity to do us harm.

But, WTH right Patteau....... It'll be Obama's fault the Republicans killed the bill.

Link?

__________________

“The American people are tired of liars and people who pretend to be something they’re not.” - Hillary Clinton

NEW YORK (CNNMoney) -- There's a good chance your bank's website was attacked over the past week.

Since Sept. 19, the websites of Bank of America (BAC, Fortune 500), JPMorgan Chase (JPM, Fortune 500), Wells Fargo (WFC, Fortune 500), U.S. Bank (USB, Fortune 500) and PNC Bank have all suffered day-long slowdowns and been sporadically unreachable for many customers. The attackers, who took aim at Bank of America first, went after their targets in sequence. Thursday's victim, PNC's website, was inaccessible at the time this article was published.

Security experts say the outages stem from one of the biggest cyberattacks they've ever seen. These "denial of service" attacks -- huge amounts of traffic directed at a website to make it crash -- were the largest ever recorded by a wide margin, according to two researchers.
Banks get hit by cyberattackers all the time and typically have some of the best defenses against them. This time, they were outgunned.
"The volume of traffic sent to these sites is frankly unprecedented," said Dmitri Alperovitch, co-founder of CrowdStrike, a security firm that has been investigating the attacks. "It's 10 to 20 times the volume that we normally see, and twice the previous record for a denial of service attack."

To carry out the cyberattacks, the attackers got hold of thousands of high-powered application servers and pointed them all at the targeted banks. That overwhelmed Bank of America and Chase's Web servers on Sept. 19, Wells Fargo and U.S. Bank on Wednesday and PNC on Thursday. Fred Solomon, a spokesman for PNC, confirmed that a high volume of traffic on Thursday was affecting users' ability to access the website, but he declined to go into more detail.

Denial of service attacks are an effective but unsophisticated tool that doesn't involve any actual hacking. No data was stolen from the banks, and their transactional systems -- like their ATM networks -- remained unaffected. The aim of the attacks was simply to temporarily knock down the banks' public-facing websites.

__________________
Fear is the path to the Dark Side. Fear leads to anger, anger leads to hate, hate leads to suffering.